PT-2026-23110 · Drupal+2 · Ajax Dashboard+1

Bram Driesen +3 · Published 2026-03-04 · Updated 2026-03-26 · CVE-2026-3527

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Drupal AJAX Dashboard versions prior to 3.1.0

Description

A missing authentication check for a critical function in Drupal AJAX Dashboard allows exploitation of incorrectly configured access control security levels. The issue resides in the AJAX Dashboard module and relates to entity dashboards, which enable configurable dashboards attached to entities with AJAX-reloading capabilities. The module does not adequately verify access permissions on the dashboard configuration route, potentially allowing unauthorized users to access and modify dashboard settings. The vulnerability is mitigated if the AJAX Dashboard Entity Dashboard submodule is not enabled.

Recommendations

Update to AJAX Dashboard version 3.1.0 or later.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-3527
DRUPAL-CONTRIB-2026-022

Affected Products

Ajax Dashboard
Drupal/Ajax Dashboard